4701 matches found
iTop Hub Connector - Information Disclosure
Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. id: CVE-2024-32870 info: name: iTop Hub...
GHSA-MX8G-39Q3-5C79 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy`
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...
GHSA-HCXC-WF8J-23HV vulnerabilities
Vulnerabilities for packages: grafana-fips...
CVE-2026-56142
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...
CVE-2026-56141
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible...
CVE-2026-50242
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
CVE-2026-50242
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
EUVD-2026-38008
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
CVE-2026-50242
JetBrains Hub is affected by an authentication bypass vulnerability in versions listed (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The issue allows bypass via direct database access, leading to administrative access. The CVSS metrics indicate ...
EUVD-2026-38006
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible...
EUVD-2026-38007
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...
CVE-2026-56141
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible...
CVE-2026-56142
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...
CVE-2026-56141
JetBrains Hub contains a critical vulnerability (CVE-2026-56141) allowing account takeover via predictable restore codes in multiple releases prior to 2026.1.13757 (including 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429). The CVSS 3.1 base score is 9.8 (CRITICAL) with...
CVE-2026-56142
In JetBrains Hub, prior to 2026.1.13757, and across versions 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429, there is a privilege escalation vulnerability described as: attaching authentication details to accounts enables elevation of privileges. The sources (NVD, CVE l...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handling deconfigured sockets When a socket is deconfigured, it is mapped to SOCKEMPTY 0xffff. This causes a panic during the allocation of UV hub info structures. This issue has been fixed by using NUMANONODE,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a deadlock in the “disable” sysfs attribute. The show and store callback routines for the “disable” sysfs attribute in port.c acquire the device lock for the port’s parent hub. This can cause problems if another...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xhci: A null pointer dereference was fixed in the remove function, especially when xHC has only one roothub. The remove function in the xhci platform driver attempts to remove both the main hcd and the shared hcd, even if only th...
PT-2026-50873
Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...